Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ftgl-2.4.0/cmake/config.h
Examining data/ftgl-2.4.0/demo/FTGLDemo.cpp
Examining data/ftgl-2.4.0/demo/FTGLMFontDemo.cpp
Examining data/ftgl-2.4.0/demo/c-demo.c
Examining data/ftgl-2.4.0/demo/simple.cpp
Examining data/ftgl-2.4.0/demo/tb.c
Examining data/ftgl-2.4.0/demo/tb.h
Examining data/ftgl-2.4.0/demo/trackball.c
Examining data/ftgl-2.4.0/demo/trackball.h
Examining data/ftgl-2.4.0/msvc/config.h
Examining data/ftgl-2.4.0/src/FTBuffer.cpp
Examining data/ftgl-2.4.0/src/FTCharToGlyphIndexMap.h
Examining data/ftgl-2.4.0/src/FTCharmap.cpp
Examining data/ftgl-2.4.0/src/FTCharmap.h
Examining data/ftgl-2.4.0/src/FTCleanup.cpp
Examining data/ftgl-2.4.0/src/FTCleanup.h
Examining data/ftgl-2.4.0/src/FTContour.cpp
Examining data/ftgl-2.4.0/src/FTContour.h
Examining data/ftgl-2.4.0/src/FTFace.cpp
Examining data/ftgl-2.4.0/src/FTFace.h
Examining data/ftgl-2.4.0/src/FTFont/FTBitmapFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTBitmapFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTBufferFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTExtrudeFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTExtrudeFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTFontGlue.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTOutlineFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTOutlineFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTPixmapFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTPixmapFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTPolygonFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTPolygonFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTTextureFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTTextureFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTTriangleExtractorFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTTriangleExtractorFontImpl.h
Examining data/ftgl-2.4.0/src/FTGL.cpp
Examining data/ftgl-2.4.0/src/FTGL/FTBBox.h
Examining data/ftgl-2.4.0/src/FTGL/FTBitmapGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTBuffer.h
Examining data/ftgl-2.4.0/src/FTGL/FTBufferFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTBufferGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTExtrdGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLBitmapFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLExtrdFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLOutlineFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLPixmapFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLPolygonFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLTextureFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLTriangleExtractorFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTLayout.h
Examining data/ftgl-2.4.0/src/FTGL/FTLibrary.h
Examining data/ftgl-2.4.0/src/FTGL/FTOutlineGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTPixmapGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTPoint.h
Examining data/ftgl-2.4.0/src/FTGL/FTPolyGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTSimpleLayout.h
Examining data/ftgl-2.4.0/src/FTGL/FTTextureGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTTriangleExtractorGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/ftgl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTBitmapGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTBitmapGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTBufferGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTBufferGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTExtrudeGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTExtrudeGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTGlyphGlue.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTOutlineGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTOutlineGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTPixmapGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTPixmapGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTPolygonGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTPolygonGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTTextureGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTTextureGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTTriangleExtractorGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTTriangleExtractorGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyphContainer.cpp
Examining data/ftgl-2.4.0/src/FTGlyphContainer.h
Examining data/ftgl-2.4.0/src/FTInternals.h
Examining data/ftgl-2.4.0/src/FTLayout/FTLayout.cpp
Examining data/ftgl-2.4.0/src/FTLayout/FTLayoutGlue.cpp
Examining data/ftgl-2.4.0/src/FTLayout/FTLayoutImpl.h
Examining data/ftgl-2.4.0/src/FTLayout/FTSimpleLayout.cpp
Examining data/ftgl-2.4.0/src/FTLayout/FTSimpleLayoutImpl.h
Examining data/ftgl-2.4.0/src/FTLibrary.cpp
Examining data/ftgl-2.4.0/src/FTList.h
Examining data/ftgl-2.4.0/src/FTPoint.cpp
Examining data/ftgl-2.4.0/src/FTSize.cpp
Examining data/ftgl-2.4.0/src/FTSize.h
Examining data/ftgl-2.4.0/src/FTUnicode.h
Examining data/ftgl-2.4.0/src/FTVector.h
Examining data/ftgl-2.4.0/src/FTVectoriser.cpp
Examining data/ftgl-2.4.0/src/FTVectoriser.h
Examining data/ftgl-2.4.0/test/CTest.c
Examining data/ftgl-2.4.0/test/CXXTest.cpp
Examining data/ftgl-2.4.0/test/FTBBox-Test.cpp
Examining data/ftgl-2.4.0/test/FTBitmapFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTBitmapGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTBufferFont-Bitmap.cpp
Examining data/ftgl-2.4.0/test/FTCharToGlyphIndexMap-Test.cpp
Examining data/ftgl-2.4.0/test/FTCharmap-Test.cpp
Examining data/ftgl-2.4.0/test/FTContour-NaN.cpp
Examining data/ftgl-2.4.0/test/FTContour-Test.cpp
Examining data/ftgl-2.4.0/test/FTExtrudeFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTExtrudeGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTFace-Test.cpp
Examining data/ftgl-2.4.0/test/FTFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTGlyphContainer-Test.cpp
Examining data/ftgl-2.4.0/test/FTLibrary-Test.cpp
Examining data/ftgl-2.4.0/test/FTList-Test.cpp
Examining data/ftgl-2.4.0/test/FTMesh-Test.cpp
Examining data/ftgl-2.4.0/test/FTOutlineFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTOutlineFont-UnInVec.cpp
Examining data/ftgl-2.4.0/test/FTOutlineGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTPixmapFont-Bitmap.cpp
Examining data/ftgl-2.4.0/test/FTPixmapFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTPixmapGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTPoint-Test.cpp
Examining data/ftgl-2.4.0/test/FTPolygonFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTPolygonFont-UnInVec.cpp
Examining data/ftgl-2.4.0/test/FTPolygonGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTSize-Test.cpp
Examining data/ftgl-2.4.0/test/FTTesselation-Test.cpp
Examining data/ftgl-2.4.0/test/FTTextureFont-Bitmap.cpp
Examining data/ftgl-2.4.0/test/FTTextureFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTTextureGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTTriangleExtract-Test.cpp
Examining data/ftgl-2.4.0/test/FTVector-Test.cpp
Examining data/ftgl-2.4.0/test/FTVectoriser-Test.cpp
Examining data/ftgl-2.4.0/test/FTlayout-Test.cpp
Examining data/ftgl-2.4.0/test/HPGCalc_afm.cpp
Examining data/ftgl-2.4.0/test/HPGCalc_pfb.cpp
Examining data/ftgl-2.4.0/test/demo.cpp
Examining data/ftgl-2.4.0/test/mmgr.cpp
Examining data/ftgl-2.4.0/test/mmgr.h
Examining data/ftgl-2.4.0/test/nommgr.h
FINAL RESULTS:
data/ftgl-2.4.0/test/mmgr.cpp:258:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, format, ap);
data/ftgl-2.4.0/test/mmgr.cpp:341:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s(%05d)::%s", sourceFileStripper(sourceFile), sourceLine, sourceFunc);
data/ftgl-2.4.0/test/mmgr.cpp:377:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (size > (1024*1024)) sprintf(str, "%10s (%7.2fM)", insertCommas(size), (float) size / (1024.0f * 1024.0f));
data/ftgl-2.4.0/test/mmgr.cpp:378:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (size > 1024) sprintf(str, "%10s (%7.2fK)", insertCommas(size), (float) size / 1024.0f);
data/ftgl-2.4.0/test/mmgr.cpp:379:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(str, "%10s bytes ", insertCommas(size));
data/ftgl-2.4.0/demo/FTGLDemo.cpp:82:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myString[4096];
data/ftgl-2.4.0/demo/FTGLDemo.cpp:180:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myString, "OpenGL is a powerful software interface for graphics "
data/ftgl-2.4.0/demo/FTGLDemo.cpp:185:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myString, "OpenGL (Open Graphics Library — открытая графическая "
data/ftgl-2.4.0/demo/FTGLDemo.cpp:191:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myString, "OpenGL™ 是行业领域中最为广泛接纳的 2D/3D 图形 API, "
data/ftgl-2.4.0/demo/FTGLMFontDemo.cpp:95:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myString[4096];
data/ftgl-2.4.0/demo/FTGLMFontDemo.cpp:206:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myString, "OpenGL is a powerful software interface for graphics "
data/ftgl-2.4.0/src/FTFace.cpp:122:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FT_Open_Args open;
data/ftgl-2.4.0/src/FTFace.cpp:124:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open.flags = FT_OPEN_MEMORY;
data/ftgl-2.4.0/src/FTFace.cpp:125:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open.memory_base = (FT_Byte const *)pBufferBytes;
data/ftgl-2.4.0/src/FTFace.cpp:126:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open.memory_size = (FT_Long)bufferSizeInBytes;
data/ftgl-2.4.0/src/FTFace.cpp:128:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = FT_Attach_Stream(*ftFace, &open);
data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp:198:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, len);
data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp:218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, len * sizeof(wchar_t));
data/ftgl-2.4.0/src/FTGL/FTFont.h:590:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
FTGL_EXPORT void ftglGetFontBBox(FTGLfont* font, const char *string,
data/ftgl-2.4.0/src/FTGlyph/FTBitmapGlyph.cpp:94:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srcPitch);
data/ftgl-2.4.0/src/FTGlyph/FTBufferGlyph.cpp:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pixels, bitmap.buffer, bitmap.pitch * bitmap.rows);
data/ftgl-2.4.0/src/FTLayout/FTLayoutGlue.cpp:83:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ftglGetLayoutBBox(FTGLlayout *l, const char * s, float c[6])
data/ftgl-2.4.0/src/FTUnicode.h:151:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char utf8bytes[256];
data/ftgl-2.4.0/test/FTContour-Test.cpp:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char straightLineTags[3] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char brokenTags[3] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char simpleConicTags[3] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:68:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char doubleConicTags[4] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cubicTags[4] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:116:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char compositeTags[18] =
data/ftgl-2.4.0/test/HPGCalc_afm.cpp:15:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char byte_data_HPGCalc_afm[ ] =
data/ftgl-2.4.0/test/HPGCalc_pfb.cpp:15:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char byte_data_HPGCalc_pfb[ ] =
data/ftgl-2.4.0/test/demo.cpp:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[8][256];
data/ftgl-2.4.0/test/demo.cpp:249:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fontFilePath, "r");
data/ftgl-2.4.0/test/mmgr.cpp:255:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2048];
data/ftgl-2.4.0/test/mmgr.cpp:267:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(memoryLogFile, "ab");
data/ftgl-2.4.0/test/mmgr.cpp:339:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[90];
data/ftgl-2.4.0/test/mmgr.cpp:349:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[30];
data/ftgl-2.4.0/test/mmgr.cpp:352:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%u", value);
data/ftgl-2.4.0/test/mmgr.cpp:376:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[90];
data/ftgl-2.4.0/test/mmgr.cpp:530:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(memoryLeakLogFile, "w+b");
data/ftgl-2.4.0/test/mmgr.cpp:541:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timeString[25];
data/ftgl-2.4.0/test/mmgr.cpp:1122:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (au->sourceFile, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1124:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (au->sourceFunc, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1319:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (au->sourceFile, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1321:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy (au->sourceFunc, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1674:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (overwrite) fp = fopen(filename, "w+b");
data/ftgl-2.4.0/test/mmgr.cpp:1675:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fp = fopen(filename, "ab");
data/ftgl-2.4.0/test/mmgr.cpp:1684:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timeString[25];
data/ftgl-2.4.0/test/mmgr.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sourceFile[40];
data/ftgl-2.4.0/test/mmgr.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sourceFunc[40];
data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp:213:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)wcslen(s);
data/ftgl-2.4.0/test/mmgr.cpp:353:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 3)
data/ftgl-2.4.0/test/mmgr.cpp:355:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&str[strlen(str)-3], &str[strlen(str)-4], 4);
data/ftgl-2.4.0/test/mmgr.cpp:355:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&str[strlen(str)-3], &str[strlen(str)-4], 4);
data/ftgl-2.4.0/test/mmgr.cpp:356:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - 4] = ',';
data/ftgl-2.4.0/test/mmgr.cpp:358:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 7)
data/ftgl-2.4.0/test/mmgr.cpp:360:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&str[strlen(str)-7], &str[strlen(str)-8], 8);
data/ftgl-2.4.0/test/mmgr.cpp:360:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&str[strlen(str)-7], &str[strlen(str)-8], 8);
data/ftgl-2.4.0/test/mmgr.cpp:361:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - 8] = ',';
data/ftgl-2.4.0/test/mmgr.cpp:363:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 11)
data/ftgl-2.4.0/test/mmgr.cpp:365:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&str[strlen(str)-11], &str[strlen(str)-12], 12);
data/ftgl-2.4.0/test/mmgr.cpp:365:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&str[strlen(str)-11], &str[strlen(str)-12], 12);
data/ftgl-2.4.0/test/mmgr.cpp:366:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str) - 12] = ',';
data/ftgl-2.4.0/test/mmgr.cpp:1121:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (sourceFile) strncpy(au->sourceFile, sourceFileStripper(sourceFile), sizeof(au->sourceFile) - 1);
data/ftgl-2.4.0/test/mmgr.cpp:1123:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (sourceFunc) strncpy(au->sourceFunc, sourceFunc, sizeof(au->sourceFunc) - 1);
data/ftgl-2.4.0/test/mmgr.cpp:1318:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (sourceFile) strncpy(au->sourceFile, sourceFileStripper(sourceFile), sizeof(au->sourceFile) - 1);
data/ftgl-2.4.0/test/mmgr.cpp:1320:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (sourceFunc) strncpy(au->sourceFunc, sourceFunc, sizeof(au->sourceFunc) - 1);
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 29760 in approximately 1.22 seconds (24324 lines/second)
Physical Source Lines of Code (SLOC) = 18562
Hits@level = [0] 82 [1] 17 [2] 45 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 149 [1+] 67 [2+] 50 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 8.02715 [1+] 3.60952 [2+] 2.69368 [3+] 0.269368 [4+] 0.269368 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.